fix: get subdomains permission working

KernelDeimos
2025-12-04 19:13:38 -05:00
committed by Eric Dubé
parent 349438458a
commit 237dc2ef9a
3 changed files with 6 additions and 4 deletions


@@ -158,6 +158,7 @@ const install = async ({ context, services, app, useapi, modapi }) => {
SQLES, { table: 'app', debug: true },
AppES,
AppLimitedES, {
permission_prefix: 'apps-of-user',
// When apps query es:apps, they're allowed to see apps which
// are approved for listing and they're allowed to see their
// own entry.
@@ -202,7 +203,7 @@ const install = async ({ context, services, app, useapi, modapi }) => {
upstream: ESBuilder.create([
SQLES, { table: 'subdomains', debug: true },
SubdomainES,
AppLimitedES,
AppLimitedES, { permission_prefix: 'subdomains-of-user' },
WriteByOwnerOnlyES,
ValidationES,
SetOwnerES,
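Review bot: The prefixes handed to AppLimitedES here (`'apps-of-user'` for the app chain, `'subdomains-of-user'` for the subdomains chain) are bare string literals, and nothing ties them to the prefixes the permission implicator's matcher accepts elsewhere in this commit. If one of them drifts or is misspelled, the storage layer would build a permission string that no implicator recognises, and the only symptom would presumably be a denied check for app-under-user actors. I would add a comment next to each option, for example `// must match a prefix accepted by the 'user-can-grant-read-own-apps' implicator`, or use a shared constant if the project has a place for one. The `install` body and the first options object continue outside these hunks.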


@@ -8,7 +8,8 @@ class AppPermissionService extends BaseService {
svc_permission.register_implicator(PermissionImplicator.create({
id: 'user-can-grant-read-own-apps',
matcher: permission => {
return permission.startsWith('apps-of-user:');
return permission.startsWith('apps-of-user:') ||
permission.startsWith('subdomains-of-user:');
},
checker: async ({ actor, permission }) => {
if ( ! (actor.type instanceof UserActorType) ) {
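Review bot: The widened matcher accepts every permission that begins with `subdomains-of-user:`, which includes the `:write` form that AppLimitedES builds in this same commit, yet the implicator is still identified as `user-can-grant-read-own-apps`. The checker begins in this hunk and continues outside it, so it is not visible whether it compares the uuid segment with the acting user's own id independently of which prefix matched. That is worth confirming, since that comparison is what keeps one user from implying a permission over another user's subdomains. A comment on the matcher such as `// covers read and write for apps-of-user:<uuid> and subdomains-of-user:<uuid>` would keep the policy auditable, as would an id that no longer says read/apps only, if nothing else keys on the current id.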


@@ -35,7 +35,7 @@ class AppLimitedES extends BaseES {
app_under_user_check:
if ( actor.type instanceof AppUnderUserActorType ) {
const svc_permission = Context.get('services').get('permission');
const perm = PermissionUtil.join('apps-of-user', actor.type.user.uuid, 'read');
const perm = PermissionUtil.join(this.permission_prefix, actor.type.user.uuid, 'read');
const can_read_any = await svc_permission.check(actor, perm);
if ( can_read_any ) break app_under_user_check;
@@ -124,7 +124,7 @@ class AppLimitedES extends BaseES {
// (in which case we return early)
{
const svc_permission = Context.get('services').get('permission');
const perm = PermissionUtil.join('apps-of-user', actor.type.user.uuid, 'write');
const perm = PermissionUtil.join(this.permission_prefix, actor.type.user.uuid, 'write');
const can_write_any = await svc_permission.check(actor, perm);
if ( can_write_any ) return;
}
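Review bot: `this.permission_prefix` is read in both hunks with no fallback, whereas the literal it replaces could never be missing. How the option reaches the instance is not shown here; if any AppLimitedES is constructed without it, `PermissionUtil.join` would receive `undefined` and the read and write checks would run against a malformed permission string rather than failing loudly. Either default it where `perm` is built, `const prefix = this.permission_prefix ?? 'apps-of-user';`, or reject a missing prefix when the layer is constructed so a misconfigured chain is caught at startup. Both enclosing methods start and end outside the hunks.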